-
-
Notifications
You must be signed in to change notification settings - Fork 28
Example: AVAYA Logs
Lorenzo Mangani edited this page Aug 22, 2017
·
6 revisions
This example recipe will convert Avaya SM Application logs to SIP/HEP-JSON format, shipped to a HEP Capture Server via output_hep
module, and designed for cases where encrypted communication is unavailable off-the-wire.
- Working Alpha: testers welcome!
paStash needs the optional filter_app_avaya
and moment
modules installed in order to use this recipe.
# git clone https://github.com/sipcapture/paStash
# cd paStash/
# npm install
# npm install moment
input {
file {
path => "/var/log/your_avaya_log.log"
# start_index => 0
}
}
filter {
app_avaya {}
}
output {
if [rcinfo] != 'undefined' {
hep {
host => '127.0.0.1'
port => 9060
hep_id => 2222
hep_type => 1
}
}
}
./bin/pastash --config_file=/path/to/pastash_avaya.conf
Aug 22 10:24:11 hostname local2 AasSipMgr[25607]: +02:00 2017 584 1 com.avaya.asm | 1 com.avaya.asm SIPMSGT #012--------------------#01222/08/2017 10:24:11.584 <-- #012#011octets: 565, Body Length: 0#012#011ingress: { L10.0.0.1:44364/R10.0.0.2:15061/TLS/0xa }#012#011egress: { L10.0.0.3:5061/R10.0.0.4:56975/TLS/0x14 }#012#011APMsgContext: {#012#011#011OOD Req: false, TH: true, instance: true, isSIPS req'd: false, closeOnSend: false, targeted: true, loose target: false, DNS pending: false, toSD: false, flow token: "20", resp retries: 0, req retries: 0,#012#011#011FGMbrInstance: { <undefined> }#012#011#011FailedAssetListener: { <undefined> }#012#011#011APTarget: { Listener: { 10.0.0.2:5061 }, UID: 0 }#012#011}#012--------------------#012SIP/2.0 200 OK#015#012Call-ID: 608040fb_15e090aba3d#015#012CSeq: 463566 OPTIONS#015#012From: <sip:10.0.0.1:5060>;tag=592661102#015#012To: <sip:10.0.0.3:5061;sn=ASM1>;tag=03477566981702018_local.1493292998168_6091976_6095397#015#012Via: SIP/2.0/TLS 10.0.0.3:5061;branch=z9hG4bK-103d4d4-f6f75c29-400f8a53-0x7fdd70292
Aug 22 10:24:11 hostname local2 AasSipMgr[25607]: +02:00 2017 584 1 com.avaya.asm | 1 com.avaya.asm SIPMSGT+ 380#015#012Record-Route: <sip:[email protected];lr;transport=TLS>#015#012Av-Global-Session-ID: 468c7cf0-8713-11e7-938b-00505690a070#015#012Server: AVAYA-SM-7.0.1.2.701230#015#012Contact: <sip:10.0.0.3:5061;transport=tls;sn=ASM1>;+av-sci#015#012Content-Length: 0#015#012#015#012#012--------------------